Phishing prevention best practices can be identified by studying recent attack trends and creating or looking for anti-phishing solutions accordingly. This week’s phishing headlines serve that purpose by highlighting the most significant cyber incidents of the week.
Cyber Incident At Matthew Clark Bibendum
Alcoholic beverages and soft drinks distributor Matthew Clark Bibendum (MCB) recently underwent a cybersecurity incident that brought down its IT systems. The two constituent businesses, Matthew Clark and Bibendum, said that they are handling all customers and suppliers manually for all UK and Ireland customers.
The Dublin-headquartered C&C Group owns MCB, and C&C’s own IT systems haven’t been affected by this incident. MCB, on the other hand, was quick to implement its cybersecurity response plan and shut down its systems to contain the attack. MCB is taking phishing prevention measures now and has extended its call-center capability to complete orders manually. It has also informed law enforcement and the Information Commissioner’s Office, and is informing customers and suppliers of the breach. MCB has, however, refrained from commenting further on the incident.
Data Breach At Eversource Leaks 11k Customers’ Data
New England’s latest and largest energy delivery company, Eversource, recently underwent a data breach that exposed the personal details of 11,000 Massachusetts-based customers. These details included their names, phone numbers, addresses, account numbers, social security numbers, and service addresses. The breach was detected during an internal security review at Eversource, which discovered a misconfigured cloud data storage folder. The unsecured cloud storage servers could be accessed by anybody online.
Eversource has found no evidence of the data being acquired or misused by unauthorized parties. But it is nonetheless informing and warning customers to watch out for phishing emails. Eversource is ensuring protection against phishing by providing one year of free identity monitoring to its customers. The folder, too, has been secured.
MI5 Launches New Education Campaign For British LinkedIn Users
Of late, the professional networking space LinkedIn has been taking the limelight in cybersecurity headlines for the fake profiles and data exfiltration incidents launched there. Considering this threat factor, the British security agency MI5 has taken the initiative to educate UK nationals on the risks associated with malicious LinkedIn profiles via its campaign ‘Think Before You Link.’
Over time, at least 10,000 UK nationals have experienced some fraud related to fake LinkedIn profiles. These fraudulent profiles are usually linked to hostile states. MI5 realizes the implications of British citizens losing their sensitive information to such malicious actors. Therefore, it has launched the education campaign Think Before You Link to inform and train UK nationals on avoiding disclosing personal details to foreign spies on LinkedIn. LinkedIn, too, has welcomed this anti-phishing protection measure undertaken by MI5.
Over 750,000 Users Download Malicious Billing Apps
The Joker malware is infamous for getting past Google Play defenses and making fraudulent apps available in Google Play. The latest research by cybersecurity firms McAfee and Trend Micro tracks down nine such fraudulent billing apps under the threat actor Etinu. These malicious apps are Barber Prank Hair Dryer, Clipper, and Scissors; Keyboard Wallpaper; Cool Girl Wallpaper/SubscribeSDK; PIP Photo Maker; Pop Ringtones for Android; 2021 Wallpaper and Keyboard; Keyboard Wallpaper; PIP Camera; and Picture Editor. The apps were downloaded over 750,000 times in the Arabian Peninsula and Southwest Asia before they were identified and removed.
These billing fraud apps get into Google Play in the first place using versioning. They then steal SMS messages, device information, and users’ contact lists and make unauthorized purchases. The user details compromised in the process include the phone number, carrier, IP address, SMS messages, network status, country, etc. Users who believe that they have unknowingly installed any of these malicious apps must pay heed to phishing prevention tips, look out for unauthorized transactions, and be analytical before downloading apps, even from the official app store.
Dating App ManHunt Undergoes Breach
The website of ManHunt, the twenty-year-old online dating app for men, was recently compromised by malicious third parties, exposing the personal details of about 7700 of its Washington-based users. ManHunt’s account credential database was leaked in the incident; it contained user details such as email addresses, usernames, and passwords.
As part of its measures to prevent phishing attacks, ManHunt imposed a password reset for all users. It also hired a team of external cybersecurity experts to investigate the breach. Fortunately, no card details, messages, user images, or other profile-related information was compromised in the incident.
FlixOnline – The New Netflix Variant You Need To Stay Away From
A malicious Netflix variant is circulating among Android users, promising them two months of free premium Netflix subscription. But in reality, it’s the malware FlixOnline getting into users’ devices and spying on and controlling their WhatsApp. Upon installation, FlixOnline asks users for overlay permissions (Battery Optimization included), which helps ensure that the device doesn’t automatically terminate the software to save power. The malicious app intercepts all WhatsApp chats and auto-responds to them by sending a text promoting the same ‘two months of free Netflix’ scam. The message contains a link to a fraudulent Netflix website that aims to steal victims’ credit card credentials.
There has been a sudden surge in the spread of wormable Android malware like FlixOnline. A seemingly harmless app that delivers what it promises can also be secretly spying on our WhatsApp and financial apps. Users must avoid reacting to messages from sources and take necessary measures to protect themselves from phishing.
Major Cybersecurity Incident At Codecov
Codecov is a San Francisco-based company making software auditing tools for developers to test the efficiency of their code. In the latest incident, cyber adversaries have compromised one of Codecov’s software development tools. Now they are using automation to access, copy and steal hundreds of Codecov networks. The attack has expanded since then, as the threat actors are using Codecov to compromise other software development program makers and technology service providers such as IBM.
Such an invasive approach is sure to help adversaries gain access to thousands of restricted systems. While the likes of IBM have reported no code alterations, they are yet to comment on whether access credentials to their systems were compromised. After the FBI took over the case, several victims (including private security firms) have been notified about the Codecov incident. However, the silver lining is that even Codecov users who were seemingly unaffected by the incident are adopting phishing protection measures. Experts say that the efforts involved in the Codecov incident are similar to those of the 2020 SolarWinds attack.